@secure-exec/browser 0.0.0-agentos-dylib-base.edaa4a4

package/dist/worker-adapter.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Browser worker adapter.
+ *
+ * Wraps the Web Worker API for spawning Workers.
+ * Requires COOP/COEP headers for SharedArrayBuffer support.
+ */
+export interface WorkerHandle {
+    postMessage(data: unknown, transferList?: Transferable[]): void;
+    onMessage(handler: (data: unknown) => void): void;
+    onError(handler: (err: Error) => void): void;
+    onExit(handler: (code: number) => void): void;
+    terminate(): void;
+}
+export declare class BrowserWorkerAdapter {
+    /**
+     * Spawn a Web Worker for the given script URL.
+     */
+    static create(scriptUrl: string | URL, options?: {
+        workerData?: unknown;
+    }): WorkerHandle;
+}

package/dist/worker-adapter.js

@@ -0,0 +1,41 @@
+/**
+ * Browser worker adapter.
+ *
+ * Wraps the Web Worker API for spawning Workers.
+ * Requires COOP/COEP headers for SharedArrayBuffer support.
+ */
+// biome-ignore lint/complexity/noStaticOnlyClass: This class is part of the public browser package API.
+export class BrowserWorkerAdapter {
+    /**
+     * Spawn a Web Worker for the given script URL.
+     */
+    static create(scriptUrl, options) {
+        const worker = new Worker(scriptUrl, { type: "module" });
+        // Send workerData as the initial message (Web Workers don't have
+        // a constructor option for this like Node's worker_threads)
+        if (options?.workerData !== undefined) {
+            worker.postMessage({
+                type: "init",
+                workerData: options.workerData,
+            });
+        }
+        return {
+            postMessage(data, transferList) {
+                worker.postMessage(data, transferList ?? []);
+            },
+            onMessage(handler) {
+                worker.addEventListener("message", (e) => handler(e.data));
+            },
+            onError(handler) {
+                worker.addEventListener("error", (e) => handler(new Error(e.message)));
+            },
+            onExit(_handler) {
+                // Web Workers don't have an exit event — the terminate()
+                // caller is responsible for cleanup
+            },
+            terminate() {
+                worker.terminate();
+            },
+        };
+    }
+}

package/dist/worker-protocol.d.ts

@@ -0,0 +1,104 @@
+import type { ExecResult, OSConfig, ProcessConfig, RunResult, StdioChannel, TimingMitigation } from "./runtime.js";
+import type { BrowserSyncBridgePayload, BrowserWorkerSyncRequestMessage } from "./sync-bridge.js";
+export type SerializedPermissions = {
+    fs?: string;
+    network?: string;
+    childProcess?: string;
+    env?: string;
+};
+export type BrowserWorkerExecOptions = {
+    filePath?: string;
+    env?: Record<string, string>;
+    cwd?: string;
+    stdin?: string;
+    timingMitigation?: TimingMitigation;
+};
+export type BrowserWorkerExtensionRequestPayload = {
+    namespace: string;
+    payload: Uint8Array;
+};
+export type BrowserWorkerExtensionResponse = {
+    namespace: string;
+    payload: Uint8Array;
+};
+export type BrowserWorkerInitPayload = {
+    processConfig?: ProcessConfig;
+    osConfig?: OSConfig;
+    permissions?: SerializedPermissions;
+    filesystem?: "opfs" | "memory";
+    networkEnabled?: boolean;
+    timingMitigation?: TimingMitigation;
+    payloadLimits?: {
+        base64TransferBytes?: number;
+        jsonPayloadBytes?: number;
+    };
+    syncBridge?: BrowserSyncBridgePayload;
+};
+type BrowserWorkerControlMessage = {
+    controlToken: string;
+};
+export type BrowserWorkerRequestMessage = (BrowserWorkerControlMessage & {
+    id: number;
+    type: "init";
+    payload: BrowserWorkerInitPayload;
+}) | {
+    controlToken: string;
+    id: number;
+    type: "exec";
+    payload: {
+        executionId: string;
+        code: string;
+        options?: BrowserWorkerExecOptions;
+        captureStdio?: boolean;
+    };
+} | {
+    controlToken: string;
+    id: number;
+    type: "run";
+    payload: {
+        executionId: string;
+        code: string;
+        filePath?: string;
+        captureStdio?: boolean;
+    };
+} | {
+    controlToken: string;
+    id: number;
+    type: "signal";
+    payload: {
+        executionId: string;
+        signal: number;
+    };
+} | (BrowserWorkerControlMessage & {
+    id: number;
+    type: "extension";
+    payload: BrowserWorkerExtensionRequestPayload;
+}) | (BrowserWorkerControlMessage & {
+    id: number;
+    type: "dispose";
+});
+export type BrowserWorkerResponseMessage = (BrowserWorkerControlMessage & {
+    type: "response";
+    id: number;
+    ok: true;
+    result: ExecResult | RunResult | BrowserWorkerExtensionResponse | true;
+}) | {
+    controlToken: string;
+    type: "response";
+    id: number;
+    ok: false;
+    error: {
+        message: string;
+        stack?: string;
+        code?: string;
+    };
+};
+export type BrowserWorkerStdioMessage = BrowserWorkerControlMessage & {
+    type: "stdio";
+    executionId: string;
+    requestId: number;
+    channel: StdioChannel;
+    message: string;
+};
+export type BrowserWorkerOutboundMessage = BrowserWorkerResponseMessage | BrowserWorkerStdioMessage | BrowserWorkerSyncRequestMessage;
+export {};

package/dist/worker-protocol.js

@@ -0,0 +1 @@
+export {};

package/dist/worker-sidecar-client.d.ts

@@ -0,0 +1,71 @@
+import type { SidecarProcessTransport } from "@secure-exec/core/sidecar-client";
+import { SidecarProcess } from "@secure-exec/core/sidecar-process";
+import { BROWSER_SIDECAR_ERROR_MESSAGE, BROWSER_SIDECAR_READY_MESSAGE, BROWSER_SIDECAR_READY_TIMEOUT_MS, isBrowserSidecarControlMessage, type BrowserSidecarControlMessage, type BrowserSidecarErrorMessage, type BrowserSidecarReadyMessage } from "./sidecar-worker-protocol.js";
+import type { LiveSidecarEventSelector } from "@secure-exec/core/event-buffer";
+import type { LiveOwnershipScope } from "@secure-exec/core/ownership";
+import { type LiveEventFrame, type LiveResponseFrame, type LiveSidecarRequestHandler, type ProtocolFramePayloadCodec } from "@secure-exec/core/protocol-frames";
+import type { LiveRequestPayload } from "@secure-exec/core/request-payloads";
+export declare const BROWSER_SIDECAR_FRAME_TIMEOUT_MS = 120000;
+export declare const BROWSER_SIDECAR_EVENT_BUFFER_CAPACITY = 4096;
+export { BROWSER_SIDECAR_ERROR_MESSAGE, BROWSER_SIDECAR_READY_MESSAGE, BROWSER_SIDECAR_READY_TIMEOUT_MS, isBrowserSidecarControlMessage, type BrowserSidecarControlMessage, type BrowserSidecarErrorMessage, type BrowserSidecarReadyMessage, };
+export type BrowserSidecarWorkerMessageEvent = {
+    data: unknown;
+};
+export type BrowserSidecarWorkerErrorEvent = {
+    message?: string;
+    error?: unknown;
+};
+export interface BrowserSidecarWorker {
+    postMessage(message: unknown, transfer?: readonly unknown[]): void;
+    addEventListener(type: "message", listener: (event: BrowserSidecarWorkerMessageEvent) => void): void;
+    addEventListener(type: "error", listener: (event: BrowserSidecarWorkerErrorEvent) => void): void;
+    removeEventListener(type: "message", listener: (event: BrowserSidecarWorkerMessageEvent) => void): void;
+    removeEventListener(type: "error", listener: (event: BrowserSidecarWorkerErrorEvent) => void): void;
+    terminate?(): void;
+}
+export interface BrowserSidecarWorkerConstructor {
+    new (scriptUrl: string | URL, options?: {
+        type?: "classic" | "module";
+        name?: string;
+    }): BrowserSidecarWorker;
+}
+export interface WorkerSidecarProtocolClientOptions {
+    endpoint: {
+        postMessage(message: unknown, transfer?: readonly unknown[]): void;
+    };
+    listen(handler: (message: unknown) => void): () => void;
+    listenError?: (handler: (error: Error) => void) => () => void;
+    disposeEndpoint?: () => void | Promise<void>;
+    frameTimeoutMs?: number;
+    eventBufferCapacity?: number;
+    payloadCodec?: ProtocolFramePayloadCodec;
+    disposedErrorMessage?: string;
+    transfer?: (payload: Uint8Array) => readonly unknown[];
+}
+export interface CreateWorkerSidecarProcessFromUrlOptions extends Omit<WorkerSidecarProtocolClientOptions, "endpoint" | "listen" | "disposeEndpoint"> {
+    workerUrl: string | URL;
+    WorkerConstructor?: BrowserSidecarWorkerConstructor;
+    workerName?: string;
+    readyTimeoutMs?: number;
+}
+export declare class WorkerSidecarProtocolClient implements SidecarProcessTransport {
+    private readonly protocolClient;
+    private readonly disposeEndpoint?;
+    private readonly disposedErrorMessage;
+    private readonly stopErrorListening?;
+    constructor(options: WorkerSidecarProtocolClientOptions);
+    static fromWorker(worker: BrowserSidecarWorker, options?: Omit<WorkerSidecarProtocolClientOptions, "endpoint" | "listen" | "disposeEndpoint">): WorkerSidecarProtocolClient;
+    setSidecarRequestHandler(handler: LiveSidecarRequestHandler | null): void;
+    onEvent(handler: (event: LiveEventFrame) => void): () => void;
+    sendRequest(input: {
+        ownership: LiveOwnershipScope;
+        payload: LiveRequestPayload;
+    }): Promise<LiveResponseFrame>;
+    waitForEvent(matcher: LiveSidecarEventSelector | ((event: LiveEventFrame) => boolean), timeoutMs?: number, options?: {
+        signal?: AbortSignal;
+    }): Promise<LiveEventFrame>;
+    failPermanently(error: Error): void;
+    dispose(): Promise<void>;
+}
+export declare function createWorkerSidecarProcess(worker: BrowserSidecarWorker, options?: Omit<WorkerSidecarProtocolClientOptions, "endpoint" | "listen" | "disposeEndpoint">): SidecarProcess;
+export declare function createWorkerSidecarProcessFromUrl(options: CreateWorkerSidecarProcessFromUrlOptions): Promise<SidecarProcess>;

package/dist/worker-sidecar-client.js

@@ -0,0 +1,152 @@
+import { MessageFrameTransport } from "@secure-exec/core/message-frame-transport";
+import { SidecarProtocolClient } from "@secure-exec/core/protocol-client";
+import { SidecarProcess } from "@secure-exec/core/sidecar-process";
+import { BROWSER_SIDECAR_ERROR_MESSAGE, BROWSER_SIDECAR_READY_MESSAGE, BROWSER_SIDECAR_READY_TIMEOUT_MS, isBrowserSidecarControlMessage, } from "./sidecar-worker-protocol.js";
+import { decodeProtocolFramePayload, encodeProtocolFramePayload, } from "@secure-exec/core/protocol-frames";
+export const BROWSER_SIDECAR_FRAME_TIMEOUT_MS = 120_000;
+export const BROWSER_SIDECAR_EVENT_BUFFER_CAPACITY = 4_096;
+export { BROWSER_SIDECAR_ERROR_MESSAGE, BROWSER_SIDECAR_READY_MESSAGE, BROWSER_SIDECAR_READY_TIMEOUT_MS, isBrowserSidecarControlMessage, };
+export class WorkerSidecarProtocolClient {
+    protocolClient;
+    disposeEndpoint;
+    disposedErrorMessage;
+    stopErrorListening;
+    constructor(options) {
+        const payloadCodec = options.payloadCodec ?? "bare";
+        const frameTransport = new MessageFrameTransport({
+            endpoint: options.endpoint,
+            listen: options.listen,
+            encodeFrame: (frame) => encodeProtocolFramePayload(frame, payloadCodec),
+            decodeFrame: (payload) => decodeProtocolFramePayload(payload, payloadCodec),
+            transfer: options.transfer ?? transferProtocolPayload,
+        });
+        this.protocolClient = new SidecarProtocolClient({
+            frameTransport,
+            frameTimeoutMs: options.frameTimeoutMs ?? BROWSER_SIDECAR_FRAME_TIMEOUT_MS,
+            eventBufferCapacity: options.eventBufferCapacity ??
+                BROWSER_SIDECAR_EVENT_BUFFER_CAPACITY,
+            payloadCodec,
+            stderrText: () => "",
+        });
+        this.disposeEndpoint = options.disposeEndpoint;
+        this.disposedErrorMessage =
+            options.disposedErrorMessage ?? "browser sidecar client disposed";
+        this.stopErrorListening = options.listenError?.((error) => {
+            this.failPermanently(error);
+        });
+    }
+    static fromWorker(worker, options = {}) {
+        return new WorkerSidecarProtocolClient({
+            ...options,
+            endpoint: worker,
+            listen: (handler) => {
+                const listener = (event) => {
+                    handler(event.data);
+                };
+                worker.addEventListener("message", listener);
+                return () => {
+                    worker.removeEventListener("message", listener);
+                };
+            },
+            disposeEndpoint: () => {
+                worker.terminate?.();
+            },
+        });
+    }
+    setSidecarRequestHandler(handler) {
+        this.protocolClient.setSidecarRequestHandler(handler);
+    }
+    onEvent(handler) {
+        return this.protocolClient.onEvent(handler);
+    }
+    async sendRequest(input) {
+        return await this.protocolClient.sendRequest(input);
+    }
+    async waitForEvent(matcher, timeoutMs, options) {
+        return await this.protocolClient.waitForEvent(matcher, timeoutMs, options);
+    }
+    failPermanently(error) {
+        this.protocolClient.failPermanently(error);
+    }
+    async dispose() {
+        this.protocolClient.failPermanently(new Error(this.disposedErrorMessage));
+        this.protocolClient.dispose();
+        this.stopErrorListening?.();
+        await this.disposeEndpoint?.();
+    }
+}
+export function createWorkerSidecarProcess(worker, options = {}) {
+    return SidecarProcess.fromClient(WorkerSidecarProtocolClient.fromWorker(worker, options));
+}
+export async function createWorkerSidecarProcessFromUrl(options) {
+    const WorkerConstructor = options.WorkerConstructor ?? globalThis.Worker;
+    if (typeof WorkerConstructor !== "function") {
+        throw new Error("browser sidecar Worker constructor is not available");
+    }
+    const worker = new WorkerConstructor(options.workerUrl, {
+        type: "module",
+        ...(options.workerName ? { name: options.workerName } : {}),
+    });
+    try {
+        await waitForBrowserSidecarReady(worker, {
+            timeoutMs: options.readyTimeoutMs ?? BROWSER_SIDECAR_READY_TIMEOUT_MS,
+        });
+    }
+    catch (error) {
+        worker.terminate?.();
+        throw error;
+    }
+    return createWorkerSidecarProcess(worker, options);
+}
+async function waitForBrowserSidecarReady(worker, options) {
+    await new Promise((resolve, reject) => {
+        let settled = false;
+        let timer = null;
+        const cleanup = () => {
+            worker.removeEventListener("message", onMessage);
+            worker.removeEventListener("error", onError);
+            if (timer !== null) {
+                clearTimeout(timer);
+                timer = null;
+            }
+        };
+        const settle = (callback) => {
+            if (settled) {
+                return;
+            }
+            settled = true;
+            cleanup();
+            callback();
+        };
+        const onMessage = (event) => {
+            const message = event.data;
+            if (!isBrowserSidecarControlMessage(message)) {
+                return;
+            }
+            if (message.type === BROWSER_SIDECAR_READY_MESSAGE) {
+                settle(resolve);
+                return;
+            }
+            settle(() => {
+                reject(new Error(message.message));
+            });
+        };
+        const onError = (event) => {
+            settle(() => {
+                reject(event.error instanceof Error
+                    ? event.error
+                    : new Error(event.message ?? "browser sidecar Worker failed"));
+            });
+        };
+        worker.addEventListener("message", onMessage);
+        worker.addEventListener("error", onError);
+        timer = setTimeout(() => {
+            settle(() => {
+                reject(new Error(`timed out waiting for browser sidecar Worker ready message after ${options.timeoutMs}ms`));
+            });
+        }, options.timeoutMs);
+    });
+}
+function transferProtocolPayload(payload) {
+    return [payload.buffer];
+}

package/dist/worker.d.ts

@@ -0,0 +1 @@
+export {};